Cheap audio equipment makes ATM theft easier

ATM information theft is nothing new. Neither is the use of skimmers to gain access to the data. But it’s a little surprising just how easy it has become to hack together the devices using audio equipment. The images above are samples of a skimmer for sale from an Eastern-European do-no-good. It is the magnetic stripe sniffer portion of the attack which captures card data as an audio recording. That is later turned into the binary code that was read from the card. We’re just speculating, but that looks an awful lot like the PCB from a pen recorder, something you can pick up for just a couple of bucks.

I followed some links off the main article, looks like crooks are getting smarter. At least some- most of the on-line ad for skimmers were scams to steal from would-be theives (some poetic justice here). The scariest ones were the devices hidden inside gas pumps… there you have no indication anythin was amiss. They did mention the most outlying pumps were the most targeted.

Personally, I avoid ATMs, and use credit cards (more protection and no link to my account). Even my paypal account is linked to a small credit union account to prevent some black-hat hacker from draining my life savings.

Some of there devices have wi-fi links or send test messages… maybe we need to hack up a simple RF sniffer to detect them.

It seems that in addition to using its guts, the perpetrators also boosted its internal battery with third-party Li-poly packs. Which is a prudent thing to do, as the record time is limited by the battery capacity (~2 hours), not by memory (~20 hours at 2GB model, IIRC).

i suspect that the technology in the digital electronics are rather low tech to where a simple loud sharp noise would be read as a 1 and lack of noise as a 0.

so you the loud crack of dropping a pool ball on the pavement or the bang of a gun shot.

so in theory i guess if you had a way to have your friends time guns firing or banging pool balls on the pavement you could emulate the binary string on the card.

a way they could fix that problem is in the same security that garage door openers use.

when the card is swiped the atm sends the data to the bank then the bank tells the atm to write a new string of data to the card so if the card is copied then the next use of the card voids out 1 card so no 2 or more working copies could exist.

you do a transaction at the atm and the card gets written with a new code.

the skimmers make a new card and if they are able to use that code before you do another purchase on the card it will roll again making your card will no longer work alerting you to a problem.

you call up to find out what’s wrong and get a new card as a result of a stolen card being used.

That being the case wouldnt it be easier to use something like Propellorheadz Reason , and lay out the binary in a synthesizer I think this would be a little easier then throwing billard balls, and give much better accuracy. Then just generate a wav or what ever audio file this uses drop it in and you can generate credit card numbers. :P

Aren’t those mics normally capacitive versions?
Aren’t there 4 lanes of data in parallel?
I don’t see this thing on the picture working at all for cardcloning.
I guess Shaddack is right – this is only the video-pinlogger.
The real skimmer is more sophisticated at the sensorlevel.